René Berber wrote: > A couple of comments: > > - Why is "Level 3"? Weird stuff from OS-X, INFO is level 6, ERR is level 3.
I have no idea! :-) > - I would use a shorter and simpler regex: > Authentication failure for illegal user ?P from ?P > > but perhaps that one would match bad telnet/rlogin/and local login failures, > you > may need: > .*Sender sshd.*Authentication failure for illegal user ?P from ?P I don't have a problem with matching bad logins from other services. Is there a good reason not to match bad logins from telnet, for instance? I'm thinking: Authentication failure for illegal user (\w+) from ([0-9\.]+) This should store the username and IP by my reading. I'm concerned that I missed something fundamental because I don't know the purpose of ?P in denyhosts. Are these special? Is it something generic that I should already know? Perhaps the internal processing done by denyhosts comes into play here? ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
